Wireless Access

Our guest network is tunneled from several local controllers using layer 2 GRE tunnels to a DMZ controller that also is used as a RAP controller. The guest network redirects traffic to the tunnel which leads to the DMZ controller. Recently we started getting a lot of complaints that contractors are not able to use VPN such as Cisco anynet, Juniper SA Junios pulse though a guest network. We configured a test laptop to a co workers home network that had a Juniper setup for VPN. We were able to make it work by plugging into the DMZ controller directly when we use any of the local controllers

You should see if anything was changed.  Type "show audit-trail" on all of your Aruba devices and check all of the other devices in the path for changes.

We have tried that nothing has changed going back though December when the problem started. It's possible the people complaining have their VPN tunnel MTU size set higher because not all VPN has issues. Some people are able to use their VPN.  The ones that are complainng said it worked prior to Decmeber 2015. I know we are able to make it work on our test setup my lowering the MTU to 1200 on the VPN tunnel. 

Okay.  Let us know what you find...

Looks like the night before another network person who no longer works here added a 2nd controller setup a VRRP connection. He moved the GRE tunnel to the VRRP address of the controllers the active controller is still the same one as before. I wonder if the GRE tunnel going ot the VRRP address is the issue. If we moved the Tunnel back to the active controller like it was before when it only had one local controller at that location would that work? Does the destination IP have to be the VRRP IP address? I know redunency won't work that is okay for testing.